Cybersecurity programs too often fall short of the threats that they are meant to thwart. Compliance mandates define broad scopes, and the work and effort that cybersecurity teams devote to achieving compliance often don’t match the frequency, depth, or functional requirements needed to mitigate the threats that they face. So let’s start with a practical look at some very specific activities to focus on instead of just callously saying that compliance does not equal security.

Conversely, the work of Christ, finished at Calvary’s Cross, fully meets the threat that believers face in a fallen world and for the Kingdom of God. So what work are we as believers then called to do? Let’s go to the scripture and see what specific activities God calls on believers to focus on, and see what he reveals as Good Works for the Kingdom.

When we go to work each day, how do we combine the cybersecurity activities and Good Works activities to achieve God’s goals for us, and how can we rest in the Finished Work with faith and confidence?

Speaker Bio:

Brian’s information security career stretches over 20 years, including progressive roles from security analyst to running a non-profit company during his role as Executive Director for the Retail Cyber Intelligence Sharing Center (R-CISC) to provide retail industry collaboration to share intelligence on cyber threats, vulnerabilities, mitigation, and remediation. Prior roles include Chief Information Security Officer positions in state government, including the position of CISO for the State of Texas.

Brian now works in the private sector as the founder and CEO of Riskceptional Strategies LLC, working with businesses in all industries and of all sizes to advance and mature cybersecurity program capabilities. Brian has participated and led within the Information Security community throughout his career, and is very proud to be among the founding members of the Hackformers leadership team. Brian holds the CISSP (Certified Information Systems Security Professional) and CISA (Certified Information Systems Auditor) certifications.

Abstract: In 25 years of information technology and security, I have dealt firsthand with social engineering attacks, hacking, phishing, scams, and awareness training to address some of these threats. Seeing the same thing happen over and over again tends to make one become jaded, cynical, always looking at the negative side of life, criticizing, and finding faults to make fun of, which I find myself victim to at times.

In this talk we will see that social engineering is not unique to modern times, and that the jaded feeling of spinning one’s wheels is not unique to me. In fact, one of the earliest social scams is recorded in the Bible, and it occurred about 4,000 years ago between brothers (twins) from whom different nations arose.

Come for an informative session on how social engineering, an old trick, still has many applications in this day and age that we live in.

Speaker Bio:

David is a senior information security engineer for AllClear ID, helping companies that have been breached take care of their employees and customers. Prior to that, he spent two decades at Intel Corporation, winding his way through customer support, system administration, patch management, LAN and firewall implementation, threat intelligence, and security engineering.

A common comment David hears from friends and family is that complex security topics give them headaches. They want to know in simple terms how to stay safe in a connected world. Folks like us have chosen to make a profession out of hacking and defending. Others have chosen different paths – paths where we would be lost. Writing and teaching are David’s effort to share this knowledge with those that are experts in something else.

When not in front of a digital screen, David spends his time raising five rambunctious teenagers – including two sets of twins. His family enjoys archery, raising animals, and simply enjoying life in the Texas hill country.

For a decade David served as either Commander or a division leader for the Awana Club in Dripping Springs, Texas; while he has retired from that role, he continues to have a passion for children’s ministry. At the moment he teaches 1st through 3rd grade Sunday School.

Abstract: Account management may seem like an uninteresting topic compared to recent security-related headlines, but it is still one of the fundamental requirements for achieving a proactive enterprise information security program. Internal attackers use their legitimate accounts for unethical purposes and external attackers try to gain internal access through active employee accounts. Good account management still serves as an effective attack deterrent because with current high turnover rates in business, companies often fail to disable employee accounts which can be accessed for illegitimate gain. This presentation will detail important procedures for the creation, monitoring, auditing and deactivation of employee company accounts in the teach security part.

In the teach Christ part of the presentation, the term “gatekeeper,” which refers to several roles in the Bible, will be covered. Soldiers served as gatekeepers to protect a walled city from invasion by sounding an alert upon any invasion. Priests served as gatekeepers of a temple to protect it from unholy acts or to ensure that its members followed God’s Commandments. Jesus called Himself “The Gate” as a guardian for His sheep. How this applies to effective account management and how Jesus is the ultimate gatekeeper against the dangers to our soul will be taught.

Speaker Bio:

Larry Moore has nearly two decades of Information Security experience as part of his thirty-one-year IT career and currently works as a Senior Information Risk Management Consultant for Dell Services’ external clients. He has worked in many other capacities such as critical infrastructure protection, mobile platform payment solutions, trusted platform services and data center architecture and audits in both the public and private sectors.

Larry graduated from the Florida Institute of Technology with a degree in Computer Science and began his work on various projects for NASA. His post-NASA work included applications, device drivers and kernel extensions on various operating systems such as OS/2, Windows and Unix variants. His work on the AIX security kernel included audit, single sign-on, PKI and a behavioral-based intrusion detection tool that was a precursor to his migration to the information security field. Larry’s work for Texas included the delivery of the state’s primary and backup internal data centers and established the framework for the implementation of texas.gov, and he has led in data center security program developments around the globe.

Abstract: Of the many security processes that are to be followed when building secure software, one crucial process is code audit or code review. Code audits, when properly done from a security standpoint, can attest to the resiliency of the software against hacker attacks.

In the “Teach Security” part of this talk, we will focus on “Auditing for your software” and look at what a code audit is and what it is not, the types of code audit, the controls to look for when doing a code audit, and how to conduct a proper code audit from a cybersecurity perspective. In the “Teach Christ” part of this talk, we will look at “Auditing for your soul,” covering the need to look within oneself to ensure that one is not vulnerable to the exploits of the devil or his ways, and look at God as the ultimate soul auditor. In the “Teach Security in Christ” part of this talk, we will focus on Jesus Christ, the ultimate control, as it pertains to the final audit that everyone would have to go through.

Speaker Bio:

Mano ‘dash4rk’ Paul (@manopaul) is a shark biologist turned security professional. He is the author of the acclaimed “7 Qualities of Highly Secure Software” and the “Official (ISC)2 Guide to the CSSLP.” He founded and served as the CEO of SecuRisk Solutions. Before SecuRisk Solutions, Mano managed the application security program at Dell. His InfoSec experience includes designing & developing security programs from compliance-to-coding, security in the SDLC, writing secure code, risk management, security strategy, penetration testing, vulnerability analysis, and security awareness training & education. Mano was appointed as the software assurance advisor for (ISC)2 and is a member of the AppSec Advisory Council. He was recognized and honored by being awarded the first Information Security Leadership Awards (ISLA) as an information security practitioner in 2011, for his contributions to the security industry.

Mano holds the following professional certifications – CSSLP, CISSP, GIAC GSSP-.Net, EC-Council ECSA (Licensed Penetration Tester), Microsoft Certified Solutions Developer (MCSD), Microsoft Certified Application Developer (MCAD) and the CompTIA Network+ certification. In addition to his MIS degree, Mano holds a Bachelor of Science degree from the University of Chennai, India, and a Diploma in Import Export Management from the Indian Institute of Export Management.

Mano founded HackFormers, which is a faith-based non-profit organization with the mission to Teach Security, Teach Christ and Teach Security in Christ. He is married to Sangeetha Paul and he enjoys spending time with their two sons, Reuben and Ittai.